
#ifndef _EXPLOIT_H_
#define _EXPLOIT_H_

// the exploit is capable to modify RO segment
#define EXPLOIT_POKE_TEXT 1
// the exploit writes more than we want, so even it's capable to modify RO segment, it's not safe
#define EXPLOIT_POKE_WITH_GARBAGE 2
// the exploit cannot mmap kernel in a /dev/mem way
#define EXPLOIT_MMAP_ABNORMAL 4

struct st_exploit {
    const char *name;
    int flags;
    int (*invoke)(void *, long addr);
    // maps kernel memory, addr is PA
    void *(*mmap)(void *, long addr, long size);
    // read/write virtual memory
    int (*read32)(void *, long addr, long *val);
    int (*write32)(void *, long addr, long val);
    void *opaque;

    //
    int (*call_direct)(void*);

    /**
     * success if return 0
     * */
    int (*init)(void **);
    void (*free)(void **);
};

typedef struct st_exploit exploit_t;

void exploit_init(exploit_t **);
void exploit_free(exploit_t **);

void setTag(int tag);

#define ADDEXP(name) do { \
    extern exploit_t EXPLOIT_##name; \
    if (i == size) { \
        size = size ? size * 2 : 8; \
        tmp = realloc(exp, (size + 1) * sizeof(exploit_t)); \
        if (!tmp) { \
            if (exp) \
                *list = exp; \
            return; \
        } \
        exp = (exploit_t *) tmp; \
        memset(exp + i, 0, (size + 1 - i) * sizeof(exploit_t)); \
    } \
    exp[i++] = EXPLOIT_##name; \
    } while (0)


#define S_2013_6282_1 1
#define S_2013_6282_2 2
#define S_2013_6282_3 3
#define S_MTK_1 4
#define S_MTK_2 5
#define S_MTK_3 6
#define S_marvell_1 7
#define S_vivante_1 8
#define S_vivante_2 9
#define S_exynos_1 10

    // 20140829

#define S_MTK_4 11
#define S_MTK_5 12
#define S_cve_2011_1149_1 13

	// 14 used

	// 20140830
#define S_cve_2011_1352_1 15
#define S_cve_2009_1815_1 16
#define S_cve_2012_0056_1 17
#define S_cve_2009_2692_1 18


#endif

